Cisco Firewall :: Changing Subnet Mask In An ASA5520 Interface
Aug 8, 2012
We have an ASA 5520, working fine.One of the interfaces is connected to users PCs and printers mainly. Last months the number of devices has grown rapidly, and we would like to make some changes in it in order for it to be able to host new devices.We thought on change subnet mask of actual subnet (10.0.2.0/24) to 10.0.2.0/23, so it can hold as many devices.I understand I have to make some changes in the ASA, but my question is:What will happend to the acces rules I have created?Will I need to create them again? There are some objects which carry information about subnet mask, so I suppose I will need to redefine them, but for those without any subnet mask information, will I have to redefine them?
View 2 Replies
ADVERTISEMENT
Feb 11, 2013
I have an ASA5505 which provides internet (just internet) for about more than 600 pc/laptops. Can 5505's DHCP support this number?
View 4 Replies
View Related
Sep 27, 2012
Currently have an ASA5520, management port is set to management only connected to a management vlan, inside, outside and dmz ports also in use for respective traffic, all is working well, the issue i have is that the ITsupport staff on there user vlan have to have access to manage the ASA with ASDM at all times, this all works fine as i have added a route for management to there subnet, problem is that from this vlan they can no longer ping the remote sites which connect via site to site vpn. For troubleshooting and management purposes this is required, is there any way around this?, if we make the management port not management-only how will this effect other traffic or routing?
View 3 Replies
View Related
Jan 28, 2011
our subnet mask is 255.255.255.0....can I change it to something else like 255.255.0.0.
View 4 Replies
View Related
Jun 12, 2012
I have old interface hardware with Static IP 10.2.2.200 and on the same switch I have computers with IPs of 10.4.1.0 If I change subnet to 255.0.0.0 old hardware with 10.2.2.200 will be accessible. The problem is that I would like to have 255.255.255.0 as subnet but it should still be possible to access 10.2.2.200. Can I add Static route for oldhardware in XP without adding gateway settings? The most simple would be to put all on same subnet but it is not possible due to a various reasons. The computers are running Windows XP
View 10 Replies
View Related
May 8, 2011
what is subnet mask of 10.2.1.3/22
View 1 Replies
View Related
Apr 27, 2011
why do class D doesn't have subnetmask
View 1 Replies
View Related
Jul 13, 2012
I want to calculate Subnet Mask for 3 Router Each one in separate building the First building need 60 host and the second building 25 host and the last one 25 host .
Knowing that the company currently reserved public class C network address 210.2.1.0/24 for internal address and subnet 210.15.10.0/30 for the connection to the Internet router.
View 19 Replies
View Related
Nov 12, 2012
I would like to set the subnet mask off the lan to 255.255.240.0 but the selection menu do not allow to do it.
View 8 Replies
View Related
Mar 6, 2011
I understand ip addressing and what a subnet is.But why is it sometimes I connect two things together,it always requires a subnet mask, and other times no? For example when I try to connect two computers together, it requires both IP and subnet mask.But if I use FTP software all it ask for is IP.Same thing when connecting to a website through their ip, doesn't require subnet.
View 6 Replies
View Related
Feb 27, 2013
I am using TP-Link wireless router model no. TL-WR941ND.my isp provided static ip via cable modem.ip = a.b.c.d subnet = 255.255.255.254 = /31 but the router does not support subnet mask saying wrong subnet mask?
View 2 Replies
View Related
Jun 26, 2012
I want to use a subnet mask of 255.255.254.0. The setup window doesn't allow me to type in that mask, rather it only allows me to choose from options on a drop down menu (which doesn't include that mask). Is there a way to do this?
View 2 Replies
View Related
Nov 3, 2012
Given an IP address range, select the correct subnet mask for the scenario. IP address: 132.250.0.0/16, You need to create 100 networks with a minimum of 500 hosts per network. What is the correct Subnet mask and the 10th subnet address range?
View 1 Replies
View Related
Apr 18, 2013
what my IP address, my subnet mask, and what my default gateway is. I have tried typing "ipconfig" into CMD but then I only got up 100 boxes saying "Permissionisconnected"
View 12 Replies
View Related
Aug 22, 2011
I'm using my WRT320N as a home router, I need more ipadresses to be delivered to my computers, yet I can't get my router to give med wider netmask range. In the list I get 255.255.255.0 - 255.255.255.240 or something like that. I need 255.0.0.0 on my network and that would be perfect if i could get that...
View 5 Replies
View Related
Feb 23, 2011
subnet mask address is illegal cisco linksys?
View 1 Replies
View Related
Nov 27, 2012
after recovering from the PPPoE-port-forwarding-fiasco I had with the RV180 (url...), I decided to try again with a Small Business Router from Cisco. This time I took the RV042G, hoping that the higher age of this product comes with a more mature firmware.So far the functions I need, work satisfying. There is only one issue: The subnet-mask is only configurable using a dropdown-menu. I've read the posts from the Cisco-Support staff saying, that this is because it is only a SMB Router. So, we are a small business and we use the 172.20.x.y net for several reasons. One of it is to distinguish and group several network devices using the third block of the IP. Eg. our printers IPs start with 172.20.5.x and so on.
My question is: Is it really impossible to change the subnet-mask dropdown-menu to a simple text-field in the frontend? Because it is possible to change the subnet to whatever one needs by a little cURL-magic: [code] This sets the new subnet-mask permanently (even survives a reboot and is displayed correctly on the system-status page) and I have not discovered any problems.The only thing is, if you change settings on the setup -> network page, the netmask is reset and you have to rerun this script.
View 0 Replies
View Related
Dec 13, 2011
We have 10 ADSL lines and 5 of them goes in the load balancer (One gateway) and the rests are used as default gateways for internet access. We use ADSL routers as access points for internet, but those routers should be part of our network and should be given an address in order for them to act as default gateways for internet access. I'm facing a real prob with the ADSL routers Linksys WAG54G2 because they doesn't support a subnet mask 255.255.0.0 Any recommendation for an ADSL router model that support a netmask 255.255.0.0 ?
My cisco 2811 router interface configuration ip address: 172.20.0.1 255.255.254.0.Load balancer output lan ip address: 172.20.0.5.My ADSL routers will be in the following range : 172.20.0.6 - 172.20.0.10
View 1 Replies
View Related
Sep 28, 2011
Have a problem with a laptop connecting to a Wireless Router. The laptop was working fine on the last router which was on an ADSL Network.. (not that that matters),When the new router (Virgin Media / Cable) was installed all other laptops where connecting to it without any probs, but not this one.The laptop in question still receives an IP address, Subnet mask and Gateway from the router - Vista says Local only, no internet access. It cannot ping anything else on the network either. When I do ping it comes back destination host unreachable.
View 6 Replies
View Related
Mar 6, 2011
I am looking to change my Failover Int IPs on my PIX 515E Bundle, Cisco PIX Firewall Version 6.3(5)123 with the least impact on the network.
For example:
interface ethernet5 "state"
IP address 172.18.0.245, subnet mask 255.255.255.252
ip address state 172.18.0.245 255.255.255.252
failover ip address state 172.18.0.246
I want to change these lines to .....
interface ethernet5 "state"
IP address 172.18.0.185, subnet mask 255.255.255.252
ip address state 172.18.0.185 255.255.255.252
failover ip address state 172.18.0.186
View 3 Replies
View Related
Oct 16, 2011
i have a Cisco ASA 5520 8.4(1) with a ASA 5520 VPN Plus license
i want to use the management interface as a regular interface (using the no management-only command)is this interface a Gig interface as well ?
View 1 Replies
View Related
Nov 5, 2012
So I have a client with an ASA 5520 running version 9.0 (was on 8.4) that I am trying to get either IPSec or SSL VPN configured on. I got everything setup and tried to connect. However, I couldn't connect to either. I fired up the real time monitoring and didn't see any syslog messages referring to a VPN build up. I also enabled SSH/Telnet on the outside interface and cannot connect to the ASA outside interface. I can ping the outside interface and can ping the internet from the ASA. I did set up a test ACL on the ASA and ran packet tracer on it and the results came back fine.
There is an IPS in the ASA as well, but I disabled the ACL for that and still am having these issues. Part of me wonders if the ISP has something set up to block inbound traffic. This should be a business class connection.
View 5 Replies
View Related
Mar 27, 2011
We have 2 firewall (ASA5510) pairs. Each pari configured for Active/Stdby mode.
Pair1 : Internet browising, Remote access VPN, Citirx access & L2L VPN access
For this pair , I need to move the 'outside' interface to Gig 1/3 and change the IP addresses. (minimize the downtime)[code] Remove the ip from outside interface and add the new IP and enable to monitor interface outside?
View 4 Replies
View Related
May 29, 2011
Recently, I deployed ASA 5520 as our company firewall, everything was working fine except two main problem I still can not resolve them after I did a lot of research.
1. DNS rewriting - The internal user can not access the DMZ or internal server by put in the domain or external ip address. such as [URL] will resolve our wan ip address 210.0.0.83 ( internal ip address is 192.168.1.21 ).I used static (inside,Outside) tcp 210.0.0.83 https 192.168.1.21 https netmask 255.255.255.255 dns, but it will not work. We have our internal DNS server, but don't want to just add the domain as a record. Is there anyway to get the internal user to access Internal server and DMZ server through the public domain?
2. We also have an internal multiple subnet, another router was conneting to ASA firewall inside interface and using ip address 192.168.1.223, another subnet 10.1.15.16/28 is behind the this router, for the users in subnet 192.168.1.0/24, they connect firewall inside interface directly.I added an static route and intra-interface permit route inside 10.1.15.16 255.255.255.240 192.168.1.223 1same-security-traffic permit intra-interface I also added access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.15.16 255.255.255.240access-list inside_nat0_outbound extended permit ip 10.1.15.16 255.255.255.240 192.168.1.0 255.255.255.0nat (inside) 0 access-list inside_nat0_outbound The internal users on 192.168.1.0/24 can ping 10.1.15.18 but can not telnet to 10.1.15.18 22. If I set 192.168.1.223 as one of the workstation on 192.168.1.0/24 default gateway, it can telnet to 10.1.15.18 22 without any problem.
View 2 Replies
View Related
Apr 17, 2012
We have an ASA5520 running ver 7.0(8), nat-control is disabled. On the "outside" interface we have a closed network which is publicly addressed i.e. no access to Internet. We also have two Vlan interfaces on a trunk connection i.e. "inside" interface (Vlan7) and "dmz" interface (Vlan802). Traffic from the "outside" to "inside" is statically NAT'd such that the public IP is translated to a private IP when accessing the "inside" interface. However, our OSS servers on the "dmz" interface need to be able to receive packets from the public IP addresses on the "outside" . All is okay with the outside to inside traffic and traffic initiated from the OSS servers on the "dmz" to the outside works okay (snmp gets etc) i.e. the servers receive reply packets from the public addresses of the outside devices.
However, traffic that originates on the "outside" interface (snmp traps etc) which is destined for the "dmz" is actually being routed to the "inside" interface and therefore the public source address is being NAT'd by the static NAT command. The access-list "in_on_outside" has relevant entries to allow connectivity from outside to dmz, we have tried a static nat command (outside, dmz) to maintain the public addressing but this made no difference and also a nat exempt. With ########nat-control disabled - do I still need a translation or NAT exempt for the "outside" <> "dmz" traffic flow, if so how should this look ?
View 11 Replies
View Related
Mar 8, 2011
I have setup two different subnet 192.168.1.0 and 192.168.2.0 on the same 'inside' interface. They are unable talking to each other. I can ping from firewall to both subnet. Both side unable talking to each other unless I add route on the both side systems.I have added the followings in ASA5510. [code]
View 8 Replies
View Related
May 31, 2011
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
View 1 Replies
View Related
Aug 7, 2011
I needed to change the mask, not the ip address, of the outside interface of an 5510 running 8.2(3).
Immediately afterwards I could establish ASDM but could not re-establish SSH.
I tried the following:
Zeroize the rsa key and generate a new one Create a new SecureCRT session to accept the new key
That didn't work. All I have is ASDM access.
View 2 Replies
View Related
Jun 14, 2012
I have a site-site VPN tunnel between my location and my remote office. My remote office is changing their ISP, so the VPN GW is getting changed. do i need to create new site-site tunnel again or changing the remote peer VPN GW in my FW is enough? FYI, i have cisco ASA5520 and my remote office has check point UTM-1 edge box.
View 1 Replies
View Related
Jan 14, 2012
I have some VPN site to site ( site B and site C connect to site A ). This subnet 10.0.56.0/28 is behind site B. Another subnet 10.0.56.16/28 is behind site C. I would like to route this 10.0.56.0/28 to reach the subnet 10.0.56.16/28. Is there any possibility to do this on ASA5520 (site A)?
View 3 Replies
View Related
Feb 27, 2013
I need to create a vpn connection between two ASA firewalls and when trying to create this AI get an error message below, The config I was to use is -
object net-local
Subnet 10.51.212.1 255.255.255.0
object network net-remote
subnet 10.10.2.65 255.255.255.0
ERROR: network IP address/mask <10.10.2.65/255.255.255.0> doesn't pair
View 2 Replies
View Related
Sep 7, 2011
IP Address : 192.168.1.0 /24
I need 50 hosts
I need to subnet for f 0/0 and s 0/0
I know for f 0/0 its 192.168.1.1 /26, but after hours and hours i can't seem how to subnet for the s 0/0
View 2 Replies
View Related
Aug 29, 2012
I am currently working with a vendor to get my ASA5520 setup to handle IPsec VPN connections for my clients and we are stumped with how to get the outside interface to respond to connections/requests.
I work for a state agency and our network connectivity is provided to us by another agency/department. The firewall I want to use for VPN connectivity has an outside address of 10.0.8.162 which is not routable outside the state's network. I have been assigned a set of public IP addresses for servers in my DMZ and I am wondering if it is possible to configure the ASA to utilize one of those public IP addresses for VPN communication. My DMZ network is setup as a local 192.168.10.0 network and the ASA is performing NAT translations to the corresponding public IP addresses.
Putting in a NAT rule to translate one of the public IP addresses to the 10.0.8.162 outside interface, but I wasn't sure if that would work.
View 1 Replies
View Related
